Does telecommunications secrecy apply to employers - Is a decades-long dispute finally coming to an end?

1. Does telecommunications secrecy apply to employers?

Only if the private use of company e-mail and telecommunications services is expressly prohibited there has been the general view that the secrecy of tele-communications does not apply. In such cases, for example, access to business e-mail accounts is based exclusively on data protection regulations.

The application of telecommunications secrecy in cases of permitted or tolerated private use would result in employers being significantly restricted in their ability to access business e-mail accounts, for example. If, as is often the case, no valid consent from the affected employee is present, access would only be possible in a few exceptional cases, if at all.

As a result of the change in the law at the end of 2021, many employers hoped that the supervisory authorities would reconsider their previous legal opinion. With the amendment on December 1st, 2021, the seventh part of the Tele-communications Act (TKG), which had previously contained telecommuni-cations secrecy, was completely removed from the TKG and transferred to the second part of the newly created Telecommunications-Telemedia Data Protection Act (TTDSG). As part of this adjustment, § 88 TKG (old version) became § 3 TTDSG. In the literature, however, there was quickly a predominant consensus that most of the arguments of the supervisory authorities remained valid even after the introduction of § 3 para. 2 TTDSG, which is said to have adopted the previous regulation without substantive changes. The supervisory authorities themselves have recently remained rather reserved with clear statements about their current position. Therefore, the legal uncertainty for employers persisted unabated, even though opinions in the literature and case law, which are against the application of telecommunications secrecy, have recently clearly predominated.

The Data Protection Commissioner of North Rhine-Westphalia (LDI NRW), Ms. Bettina Gayk, has abandoned her strict stance in her recently published 29th activity report and stated that, in her opinion, employers are no longer subject to telecommunications secrecy.

2. 29. Report of Activities

In the 29th activity report, the data protection officer states, among other things:

"Following the entry into force of the Telecommunications Telemedia Data Protection Act (TTDSG), German supervisory authorities (Federal Commissioner for Data Protection and Freedom of Information, LDI NRW and other state data protection authorities) assume that the legal assessment has changed: Employers who allow or tolerate their employees' private use of the internet and e-mail are no longer subject to telecommunications law [...].

Employers who allow or tolerate private use generally lack the will to be legally bound. Employers do not act as business telecommunications service providers towards their employees. Therefore, they also do not want that the legal standards that apply to these service providers to be applied to them."
 

3. Impact on Practice

It remains to be seen how the other state data protection authorities will position themselves. However, until opposing views from other data protection authorities are published, it can already be noted that with the publication of the 29th activity report by the LDI NRW, a level of legal certainty has been reached that employers have been waiting for nearly 20 years. The dispute will only be definitively resolved with a joint publication by the supervisory authorities - at least until there are opposing decisions from higher courts, which, given the developments in case law, literature, and now among supervisory authorities in recent years, seem rather unlikely.

It will also become easier for employers to regulate private use within the framework of company agreements, as works councils and their advisors have often adhered to the conservative view of the supervisory authorities in the past.

Fundamentally, regardless of telecommunications secrecy, the (private) use of company e-mail and telecommunications services should be regulated, which the LDI NRW also advises. An appropriate regulation can help fulfill data protection requirements and, in many cases, create the conditions for accessing the e-mail account. It should be noted that access to the e-mail account is significantly restricted from a data protection perspective as well - independent of telecommunications secrecy - and requires a data protection legal basis, such as § 26 Federal Data Protection Act (BDSG), for access and processing. Therefore, access to an employee's e-mail account is not possible without cause.